Long past time to fix evidence-sharing across borders

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Wednesday, June 22, 2016

Everyone agrees that the current international order for sharing evidence in criminal prosecutions is broken. This is at the heart of the litigation Microsoft is pursuing against the Department of Justice (DOJ) over data stored in Ireland, after a New York judge ordered Microsoft to retrieve and give the government the contents of communications of a customer. Microsoft, and the many companies and organizations supporting its position, asked the court to prohibit the DOJ from getting communications content from overseas via a U.S. warrant. The government’s alternative would be to use the antiquated and slow mutual legal assistance treaty (MLAT) process. While this case awaits a decision by the U.S. 2nd Circuit Court of Appeals in New York, all sides agree that, whatever the outcome of the decision, it will not begin to solve the larger — and critical — international data-sharing issues.

Attorney Confidentiality, Cybersecurity, and the Cloud

Daniel J. Solove by Daniel Solove, TeachPrivacy
Monday, June 6, 2016

There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys and firms are not paying sufficient attention to their obligation to protect the confidentiality and security of the client data they maintain.

Three Shades of Privacy

Tracy Mitrano by Tracy Mitrano, Mitrano & Associates
Monday, April 18, 2016

More than any of the other Big Five (Google, Facebook, Amazon, Apple and Microsoft), Microsoft has seriously challenged the government in the courts on electronic surveillance. This proactive case in the Washington federal court is a companion to the one in the Second Circuit that questions the Department of Justice overreach to demand consumer email in servers held outside of the United States without the benefit of clear law on that point. As I have argued previously, I support Microsoft in these efforts even as I did not Apple in the iPhone case. The difference lies between unsettled and settled law, respectively, and in a thoughtful, sound approach taken by Microsoft in contrast to the shooting from the hip, technology-centric tact taken by Apple. Whatever your views, these are very worthy topics for us to debate.

What Agency Can Benefit The Most From IoT/CSP?

Scott Andersen by Scott Andersen, Creative Technology & Innovation
Friday, April 15, 2016

The huge IoT impact point in the next couple of years will be in the world of data. The production of, consumption of and analysis of data produced by sensors. Many government agencies have already embraced Cyber Physical Systems (IoT) and continue to push further and further into the world of data production, movement and analyses.

Data security is the next evolution of public safety debate

Julie Anderson by Julie Anderson, AG Strategy Group
Wednesday, March 23, 2016

Recently, a group of law enforcement stakeholders discussed creating and managing body-worn camera programs that ensure data security and protect privacy for all those affected. Participants from International Association of Chiefs of Police, the National District Attorneys Association, American Civil Liberties Union and other law enforcement groups examined how standards and best practices can be implemented to balance privacy and security when deploying body-worn cameras. Their participation made it clear that we need a consensus on the policy that will most strongly protect the critical information that these cameras will gather daily. Fortunately, the FBI created a new Criminal Justice Information System (CJIS) security policy that addresses the challenge of securing law enforcement video surveillance data. This policy prescribes methods of data collection, transmission, storage and destruction, providing a standard level of data protection for all criminal justice information. The International Association of Chiefs of Police (IACP) also issued guidance about how these standards apply to cloud-based technology used by state and local police departments.

Is the New Post-Safe Harbor Data Privacy Law a Silver Bullet or a First Step?

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Friday, March 18, 2016

How does the Judicial Redress Act fit in? In striking down Safe Harbor, the European Court of Justice found in it at least two fatal flaws: First, it found privacy protections under Safe Harbor inadequate because they lacked an “independent oversight mechanism that is both effective and impartial” and that “effective remedies need to be available” for European citizens to seek judicial relief if they feel their privacy is violated by the U.S. government. The JRA is intended to provide Europeans with similar rights to seek relief, at least under one U.S. law, as Americans enjoy. Second, the ECJ separately invalidated the Safe Harbor Agreement based on its conclusion that U.S. government intelligence surveillance and data collection activities were inconsistent with EU Privacy law.

The Evolution Of The Connected Cloud

Scott Andersen by Scott Andersen, Creative Technology & Innovation
Friday, March 11, 2016

There is a change coming to cloud computing. The concept of cloud service providers is going to change, with the advent and inclusion of data from Cyber Physical Systems (CPS), sometimes called the Internet of Things (IoT). Today, IoT devices produce more data that virtually every other producing system. Most of the data they produce isn’t used or even noticed.

US-UK data cooperation: A model for the world

Paul Rosenzweig by Paul Rosenzweig, The Chertoff Group
Tuesday, March 1, 2016

The United States and the United Kingdom are negotiating a new data access agreement that would benefit both countries, and serve as a model for similar agreements between the US and other Western nations. According to Congressional testimony from the US Department of Justice (DOJ) the draft agreement would permit American companies to "disclose data directly to the United Kingdom for serious criminal and national security investigations," after UK authorities had gotten legal authorization to access the data from UK courts. That would eliminate a procedural hurdle that delays investigations. Today officials from the UK (and anywhere else in the world) must request the data through the US government instead of going directly to the company - a process that often takes many months. The agreement would, of course be reciprocal. According to The Washington Post, American law enforcement would, similarly, be free to serve warrants for content directly to companies in the UK.

Prosecutors’ Perspective on PoliceBody-Worn Cameras

H. Bryan Cunningham by Bryan Cunningham, Cunningham Levy LLP
Monday, February 22, 2016

BWCs will document highly probative evidence in criminal cases, including admissions of guilt, identifications of suspects, witness statements, and crime scene details. They also will capture citizens in some of their most vulnerable and embarrassing moments, such as domestic violence situations, and in situations where no crime is involved, like helping the ill or injured. Such information requires high levels of security and protection to ensure the confidentiality and integrity of this BWC data. Robust security of BWC data serves two critical purposes. First, this extremely sensitive information needs to be protected from hackers and employees of third parties, such as cloud storage providers, who have no clear, mission-related need to access BWC recordings. Second, for BWC data to be used in court, prosecutors must authenticate the recordings by showing they were produced and maintained through proper technical and policy protocols for camera use, uploading footage, case management, and storage.

You purchased a body camera ... now what?

Jeff Gould by Jeff Gould, SafeGov.org
Wednesday, February 17, 2016

Ready or not, America’s law enforcement are about to deploy body-worn video on an unprecedented scale. You may be one of these agencies. Based on a recent survey conducted jointly by the Major City Chiefs and the Major City Sheriffs, the two associations estimate that 97 percent of their members are “moving forward with body camera systems.” But are agencies large, small and in between ready for this massive deployment of a new technology that is still rapidly evolving? Do they have the necessary IT infrastructure to handle so many cameras? Do they have enough trained staff to manage so much video? Can they reconcile the sometimes conflicting demands of technology and policy? According to Darrel Stephens, Executive Director of the Major City Chiefs Association (MCC), the answer to all these questions appears to be: “not yet.”